X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=drivers%2Fnet%2Fixgbe%2Fixgbe_ipsec.c;h=48f5082d49204b1c78acde43251981645363b8ba;hb=c3318f529c28e8320ac43f86f214f93e2190445d;hp=683ab88a607115ab988daccd764538247505becb;hpb=323e7b667f18376c60351282950b28d4d0cc6165;p=dpdk.git diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c index 683ab88a60..48f5082d49 100644 --- a/drivers/net/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ixgbe/ixgbe_ipsec.c @@ -97,6 +97,7 @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session *ic_session) if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) { int i, ip_index = -1; + uint8_t *key; /* Find a match in the IP table*/ for (i = 0; i < IPSEC_MAX_RX_IP_COUNT; i++) { @@ -154,8 +155,12 @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session *ic_session) if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) priv->rx_sa_tbl[sa_index].mode |= (IPSRXMOD_PROTO | IPSRXMOD_DECRYPT); - if (ic_session->dst_ip.type == IPv6) + if (ic_session->dst_ip.type == IPv6) { priv->rx_sa_tbl[sa_index].mode |= IPSRXMOD_IPV6; + priv->rx_ip_tbl[ip_index].ip.type = IPv6; + } else if (ic_session->dst_ip.type == IPv4) + priv->rx_ip_tbl[ip_index].ip.type = IPv4; + priv->rx_sa_tbl[sa_index].used = 1; /* write IP table entry*/ @@ -189,23 +194,32 @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session *ic_session) IXGBE_WAIT_RWRITE; /* write Key table entry*/ + key = malloc(ic_session->key_len); + if (!key) + return -ENOMEM; + + memcpy(key, ic_session->key, ic_session->key_len); + reg_val = IPSRXIDX_RX_EN | IPSRXIDX_WRITE | IPSRXIDX_TABLE_KEY | (sa_index << 3); IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(0), - rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[12])); + rte_cpu_to_be_32(*(uint32_t *)&key[12])); IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(1), - rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[8])); + rte_cpu_to_be_32(*(uint32_t *)&key[8])); IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(2), - rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[4])); + rte_cpu_to_be_32(*(uint32_t *)&key[4])); IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(3), - rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[0])); + rte_cpu_to_be_32(*(uint32_t *)&key[0])); IXGBE_WRITE_REG(hw, IXGBE_IPSRXSALT, rte_cpu_to_be_32(ic_session->salt)); IXGBE_WRITE_REG(hw, IXGBE_IPSRXMOD, priv->rx_sa_tbl[sa_index].mode); IXGBE_WAIT_RWRITE; + free(key); + } else { /* sess->dir == RTE_CRYPTO_OUTBOUND */ + uint8_t *key; int i; /* Find a free entry in the SA table*/ @@ -227,19 +241,27 @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session *ic_session) priv->tx_sa_tbl[i].used = 1; ic_session->sa_index = sa_index; + key = malloc(ic_session->key_len); + if (!key) + return -ENOMEM; + + memcpy(key, ic_session->key, ic_session->key_len); + /* write Key table entry*/ reg_val = IPSRXIDX_RX_EN | IPSRXIDX_WRITE | (sa_index << 3); IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(0), - rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[12])); + rte_cpu_to_be_32(*(uint32_t *)&key[12])); IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(1), - rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[8])); + rte_cpu_to_be_32(*(uint32_t *)&key[8])); IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(2), - rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[4])); + rte_cpu_to_be_32(*(uint32_t *)&key[4])); IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(3), - rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[0])); + rte_cpu_to_be_32(*(uint32_t *)&key[0])); IXGBE_WRITE_REG(hw, IXGBE_IPSTXSALT, rte_cpu_to_be_32(ic_session->salt)); IXGBE_WAIT_TWRITE; + + free(key); } return 0; @@ -364,6 +386,7 @@ ixgbe_crypto_create_session(void *device, conf->crypto_xform->aead.algo != RTE_CRYPTO_AEAD_AES_GCM) { PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n"); + rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } aead_xform = &conf->crypto_xform->aead; @@ -373,6 +396,7 @@ ixgbe_crypto_create_session(void *device, ic_session->op = IXGBE_OP_AUTHENTICATED_DECRYPTION; } else { PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n"); + rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } } else { @@ -380,11 +404,13 @@ ixgbe_crypto_create_session(void *device, ic_session->op = IXGBE_OP_AUTHENTICATED_ENCRYPTION; } else { PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n"); + rte_mempool_put(mempool, (void *)ic_session); return -ENOTSUP; } } ic_session->key = aead_xform->key.data; + ic_session->key_len = aead_xform->key.length; memcpy(&ic_session->salt, &aead_xform->key.data[aead_xform->key.length], 4); ic_session->spi = conf->ipsec.spi; @@ -395,6 +421,7 @@ ixgbe_crypto_create_session(void *device, if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) { if (ixgbe_crypto_add_sa(ic_session)) { PMD_DRV_LOG(ERR, "Failed to add SA\n"); + rte_mempool_put(mempool, (void *)ic_session); return -EPERM; } }